Re: [v9.3] Row-Level Security
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Florian Pflug <fgp@phlo.org>
Cc: Kohei KaiGai <kaigai@kaigai.gr.jp>, Robert Haas <robertmhaas@gmail.com>, PgHacker <pgsql-hackers@postgresql.org>
Date: 2012-06-28T15:46:50Z
Lists: pgsql-hackers
Florian Pflug <fgp@phlo.org> writes: > On Jun28, 2012, at 17:29 , Tom Lane wrote: >> I believe it works today, because the executor only applies permissions >> checks during query startup. So those checks are executed while still >> within the SECURITY DEFINER context, and should behave as expected. >> Subsequently, the cursor portal is returned to caller and caller can >> execute it to completion, no problem. > Don't we (sometimes?) defer query startup to the first time FETCH is > called? There are things inside individual plan node functions that may only happen when the first row is demanded, but permissions checks are done in ExecutorStart(). regards, tom lane